APT31, a China-linked advanced persistent threat group, has been conducting stealthy cyberattacks on the Russian IT sector from 2024 to 2025, focusing on contractors and integrators for government agencies. These attacks have remained undetected for extended periods, raising concerns about the security of the targeted organizations.
Latest Cybersecurity Threats
The Hacker News
The article discusses a new command-and-control platform, Matrix Push C2, which utilizes browser notifications to execute phishing attacks by distributing malicious links. This fileless framework targets victims across different operating systems using push notifications, fake alerts, and link redirects.
The Hacker News
CISA has identified a critical security vulnerability in Oracle Identity Manager, classified as CVE-2025-61757, which is actively being exploited. This vulnerability involves missing authentication for a critical function, posing significant security risks.
Salesforce customers have been targeted again by threat actors from the ShinyHunters group, who exploited a third-party application to access sensitive Salesforce data. This repeated attack highlights the ongoing vulnerabilities associated with third-party integrations and the need for enhanced security measures.
Toto Wolff, the Team Principal of Mercedes F1, has sold a 15% stake in the team to George Kurtz, the CEO of CrowdStrike. This transaction highlights the ongoing partnership between CrowdStrike and the Mercedes F1 team, which began in 2019, indicating a strengthening of ties between cybersecurity and motorsport.
The LINE messaging app has significant security vulnerabilities due to its leaky custom protocol, which can lead to message replays, impersonation attacks, and exposure of sensitive information. These issues pose serious risks for users in Asia, potentially aiding geopolitical adversaries in cyber espionage activities.
The article highlights a recent outage experienced by Cloudflare, a leading service provider, which serves as a critical reminder of the vulnerabilities inherent in even the most advanced digital systems. Dr. David Utzke emphasizes that this incident could have significant implications for enterprises relying on such services, potentially disrupting the global digital economy.
The article discusses a new security framework designed to counteract evolving tactics used by attackers who can infiltrate enterprises quietly by exploiting their own policies. This shift in tactics highlights the need for organizations to adapt their security measures to prevent such silent breaches.
Grafana has issued security updates to fix a critical vulnerability, CVE-2025-41115, with a CVSS score of 10.0. This flaw in the SCIM component can lead to privilege escalation and user impersonation under specific configurations.
The article highlights several significant cybersecurity incidents, including a data breach affecting 120,000 individuals and a surge in scanning activities by Palo Alto Networks. Additionally, it mentions ongoing legal battles involving WhatsApp and NSO, as well as the emergence of AI-related security threats such as second-order prompt injection attacks.
The article discusses how automation is transforming entry-level roles in cybersecurity, leading to concerns about the ability of upcoming security professionals to acquire essential hands-on experience. This shift could significantly impact the future of the cybersecurity workforce, raising questions about the effectiveness of training and skill development in a rapidly evolving field.
The US is shifting its cyber strategy to focus on influencing adversary behavior through consequences and aggressive responses. This change indicates a more offensive approach to cybersecurity, emphasizing the need for proactive measures against potential threats.
A critical unauthenticated remote code execution vulnerability, identified as CVE-2025-61757, has been discovered in Oracle Identity Manager. This flaw poses significant risks as it may be exploited as a zero-day, allowing attackers to execute arbitrary code without authentication.
The GridEx VIII exercise saw participation from over 370 organizations, an increase of nearly 50% from the previous iteration two years ago. This highlights a growing recognition among various stakeholders of the importance of both cyber and physical grid security.
Google has updated its Quick Share service to enable compatibility with Apple's AirDrop, facilitating easier file sharing between Android and iPhone devices. This feature is currently available for the Pixel 10 lineup and is expected to expand to other devices in the future.